An improperly configured database exposing the information of 191 million registered U.S. voters was discovered on Dec. 20. The database was taken offline Monday, Dec. 28, presumably to be patched.
Discovered by researcher Chris Vickery, who has since been working with with security website Databreaches as well as IT expert and security blogger Steve Ragan to pinpoint the cause, the unsecured voter list could become a problem for the people listed. Such lists can may contain more than the voter’s name, date of birth, gender, and address—which on their own is a good amount of personally identifiable information (PII).
As Databreaches.net, pointed out such lists can also include the voter’s ethnicity, party affiliation, e-mail address, phone number, state voter ID, and whether she is on the “Do Not Call” list. According to Ragan, the breached data did not include social security or driver license numbers.
MORE: On Experian’s data breach.
Still, that’s certainly enough data to help identity thieves get what they need—although given all the breaches afflicting hotel chains, credit agencies, and retailers, anyone who doesn’t think their PII isn’t already out in the wild is probably kidding themselves.
WATCH: For more on data breaches, watch this Fortune video.
The issue with voter lists, however, is that campaign consultants and marketing firms can (and do) use them for their own purposes—though that activity can be limited by state law.
From the Databreaches.net post mortem:
… databases developed for political campaigns may also include whether or not you voted in the last general and primary elections, whether you appeared to follow a party line vote, and there may be a score predicting whether you’re likely to vote in an upcoming election or for a particular party or candidate. Databases developed for issue-oriented campaigns or non-profits doing fundraising may contain even more personal information such as your religious affiliation, whether you’re likely to be anti-abortion, whether you’re a gun owner, etc.
SIGN UP: Get Data Sheet, Fortune’s daily newsletter about the business of technology.
For more on this breach, check out Vickery’s post on Reddit and Ragan’s article on CSOOnline.
